Some Mobile Trojans Are Part of Commercial Spying Services

Commercial spying services available for Symbian and Windows Mobile phones

Security researchers from Trend Micro have identified a commercial service that allows people to distribute a mobile trojan and receive the data stolen by it.

"We’ve been reporting about several NICKISPY variants—Android malware that can monitor a mobile phone user’s activities and whereabouts like SMS, phone calls, and location—[...] and we’ve been curious as to how cybercriminals use private information and earn money from stealing it," the researchers write.

"Now, we have a clear example. We found a Chinese website that offers a mobile phone monitoring service.

"Once a customer decides to employ the service, he/she gets an account to log in to a backend server of the service, from which information gathered from a target device can be viewed," they explain.

The service's customers have the ability to customize the trojan and input the victim's phone number. This will lead to a malicious MMS being sent to the targeted individual.

If the trojan is successfully deployed, the attacker can see the information sent back to the command and control service through the web portal. The stolen data includes SMS messages, phone calls, GPS location and email messages.

According to the Trend Micro researchers, the service currently costs 2,000 – 3,600 Chinese yuan (300 – 540 USD), a high price by any standards. Giving the common corporate espionage practices in China, the service might be targeted at business users.

The trojan currently works on Symbian and Windows Mobile, but security experts are expecting an Android version to be launched too, especially since trojans with similar chracteristics have been observed on Google's platform.

"The spying business seems to be booming in the mobile threat landscape, as such, users are strongly advised to secure their devices and to make sure that there are no spying applications installed in them," they add.